#Malware-analysis
Showing 60 of 807 repositories tagged #malware-analysis, ranked by stars
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0
UNIX-like reverse engineering framework and command-line toolset
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Defund the Police.
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Program for determining types of files for Windows, Linux and MacOS.
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
The FLARE team's open-source tool to identify capabilities in executable files.
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
Reverse Engineer's Toolkit
the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
Android virtual machine and deobfuscator
IntelOwl: manage your Threat Intelligence at scale
A curated list of awesome YARA rules, tools, and people.
Tools and Techniques for Blue Team / Incident Response
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
For educational purposes only, exhaustive samples of 500+ classic/modern trojan builders including screenshots.
Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, IPInfo, Shodan, AbuseIPDB, GreyNoise, URLScan.io, Whois/RDAP, NIST, and VulnCheck. Supports LLM enrichment, IOC extraction, YARA scanning, and Android analysis.
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
State-of-the-art native debugging tools
Android Reverse-Engineering Workbench for VS Code
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Portable Executable reversing tool with a friendly GUI
oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Malware Configuration And Payload Extraction
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
A curated list of awesome Android Reverse Engineering training, resources, and tools.
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.
FakeNet-NG - Next Generation Dynamic Network Analysis Tool
Materials for Windows Malware Analysis training (volume 1)
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
All-in-One malware analysis tool.
Windows kernel and user mode emulation.
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
VirusTotal Wanna Be - Now with 100% more Hipster
A collection of malware samples caught by several honeypots i manage
yarGen is a generator for YARA rules
A Pin Tool for tracing API calls etc
A curated list of awesome resources related to executable packing
A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive analysis end to end.
Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x.
Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)
Free educational content on reverse engineering and malware analysis from the FLARE team
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
DRAKVUF Black-box Binary Analysis
a list of 350+ Free TryHackMe rooms to start learning cybersecurity with THM
🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.
Malcom - Malware Communications Analyzer
A VBA parser and emulation engine to analyze malicious macros.
A library for creating, reading and editing PE files and .NET modules.
Builds malware analysis Windows VMs so that you don't have to.
Loading Remote AES Encrypted PE in memory , Decrypted it and run it